The invention generally relates to storing, protecting, and accessing data.
One of the key advantages of storing large amounts of data in a database is that a specific subset of the stored data can be retrieved in an organized manner. Often, the subset of the stored data that is retrieved is analyzed to study various indications, such as economic trends, consumer reactions, and the like. To learn about customers, businesses are collecting various types of information about their customers, such as personal data, geographic/demographic data, purchasing habits, and so forth. Such customer data are stored in a database system, such as in a relational database management system (RDBMS), where the data can be processed and sorted into a format suitable for reporting or analysis. An example of a database system in which such information is collected is a data warehouse in which data is input from a variety of sources and organized into a format that is structured for query and analysis or reporting. The volume of data collected in a large data warehouse is typically in the gigabyte and sometimes in the terabyte or higher range.
To handle the massive amount of data that is collected and processed in such data warehouses, sophisticated platforms are typically employed. The platforms include parallel processing systems, such as massive parallel processing (MPP) systems or symmetric multiprocessing (SMP) systems. An MPP system typically is a multi-node system having a plurality of physical nodes interconnected by a network. An SMP system typically is a single-node system having multiple processors. Collected data is stored in storage devices in such systems, which are accessible by the various nodes or processors to perform processing. In a parallel system, stored data portions are accessible in parallel to increase access speeds.
Many times, data from a storage database is extracted for consumer profiling. For example, using records of retail transactions of a customer, a consumer profile that includes spending habits can be created. The spending habits in the consumer profile can include the types of goods acquired and the method of payments, such as the types and numbers of credit cards used. It is generally desirable to restrict access to such sensitive data to reduce the possibility of fraud. Sensitive data that contain credit card information may be communicated between a database and a number of client computer systems that may be remotely located; therefore, measures to secure the data is important.
Presently, access to sensitive data, such as credit card information, stored in a relational database is restricted using constraints in the user interface that is used to view the data. While these constraints protect against unauthorized access through such a user interface, they do not prevent unauthorized parties from intercepting the data transmission, such as from a server computer system to a client computer system. Further more, the present methods do not prevent sensitive data from being intercepted by field personnel who are analyzing computer crash dump data. Simply encrypting the sensitive data can protect against this type of unauthorized access, however, it also introduces an exorbitant amount of processing overhead when complex comparisons or aggregations are performed on the data.
In general, according to one embodiment, a method of presenting information relating to a database system is provided. A custom defined data type is assigned to data stored in the database system, the custom data type associating an access restriction to the data. A request for the data in the database system is received. The data for transmission is prepared in response to the request for data, based on the access restriction. The data is sent to a remote device over a network connection.
In general, in accordance with another embodiment, an apparatus for presenting information relating to a database system is provided. The apparatus of the present invention comprises: a first database; an interface to a network connection; and a first database controller coupled to the first database, wherein the first database controller is capable of performing a user-defined type security protocol to protect data stored in the first database and to transmit the data over the network connection, the user-defined type security protocol identifying an access restriction associated with a defined data type.